RyanVM.net Discussion Board Forum Index RyanVM.net Discussion Board

 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

[Guide] How to (cleanly) replace a Windows application

 
Post new topic   Reply to topic    RyanVM.net Discussion Board Forum Index -> Update Pack Addons
View previous topic :: View next topic  
Author Message
code65536



Joined: 14 Mar 2007
Posts: 735
Location: .us

PostPosted: Fri Sep 07, 2007 3:54 pm    Post subject: [Guide] How to (cleanly) replace a Windows application Reply with quote

(Note: This is a guide, not a tutorial; it assumes that you are familiar with the basics covered by the other tutorials on this site. In the future, when I get a chance, I may put up some downloadable examples. In the meantime, some of the existing addons on this forum can serve as examples.)

There are basically three main ways to do an app replacement: (to clarify, by "app replacement", I mean replacing something a way such that you can invoke the new app the same as before, without having to edit shortcuts, file associations, etc.)


Method 1: Directly replace the Windows executable (unclean)
If your app is standalone (e.g., Notepad2), you can just replace the appropriate file in I386 with your app.

If your app is not standalone, then you will need to create a launcher for it, install your app to %ProgramFiles% (or whereever), and replace the Windows executable with the launcher (which will then subsequently call your app)

Pro: This is the simple and obvious way.
Con: Replacing system files will usually result in digital signature warnings from Windows File Protection. This is thus an "unclean" method.

n.b.: If the new app has a digital signature, then you can do a direct replacement without getting signature errors. For example, it's possible to cleanly replace Calculator with Calculator Plus, as long as you do not modify the executable and thus invalidate the signature. In the specific case of Calculator Plus, it's probably best to solve the help file problem by patching accessor.inf (sample addon) instead of hacking the executable and thus invalidating the signature.


Method 2: Use an image "hijack" (clean)
Examples of apps that use this method include Microsoft Sysinternals Process Explorer and my Notepad2 replacement installer. This method uses the "Image File Execution Options" registry key to cause Windows to launch your app whenever someone tries to run the "hijacked" app.

For example, my Notepad2 2.x replacement installer uses the following key (a slightly different key is used for my NP2 3.x installer and newer, but the concept is the same):
Code:
[Notepad2.AddReg]
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe","Debugger",0,"%16422%\Notepad2\Notepad2.exe"


The downside to this method is that it passes to your app the entire command line of the hijacked Windows app. For example, if I ran "notepad.exe foobar.txt", then Windows will launch "Notepad2.exe notepad.exe foobar.txt". Notice that the first parameter of the command line is no longer "foobar.txt", but is instead the name of the app that you hijacked, "notepad.exe". If your app doesn't care about what gets passed on the command line or if your app ignores that extra parameter, then this isn't a problem, but in the case of my Notepad2 replacement, this would result in Notepad2 trying to open "notepad.exe" instead of "foobar.txt". If this extra parameter poses a problem, then one way to work around it is by using a launcher that discards %1 (i.e., instead of passing %1 %2 %3 etc., the launcher will pass %2 %3 %4 etc.). Or if you are a programmer and have access to the source code of the app, you can tweak the app's command line parsing to have it discard that first parameter when appropriate (this is what I did with Notepad2).

Pro: Clean replacement that doesn't create digital signature warnings or upset WFP.
Con: Need for a launcher if that extra first parameter on the command line creates problems.


Method 3: Take advantage of path search precedence (clean)
When searching the PATH for an executable, Windows first searches the current directory and then the PATH variable, from left to right. This allows you to "replace" certain Windows apps by placing them in a location and adding that location to the start of the PATH environment variable, thus ensuring that Windows finds your app first, before it finds the old app.

For example, my method of replacing MAKECAB and EXPAND is by placing them in "%ProgramFiles%\Utilities" and then adding "%ProgramFiles%\Utilities" to the beginning of the PATH variable.

To add a path to the beginning of the PATH variable, you can either manually edit the registry (which carries the risk of clobbering any existing changes made to the PATH variable), use setx from Microsoft's resource toolkit (which carries the downside of converting the REG_EXPAND_SZ string into a REG_SZ string), or use my addpath tool (this is the tool that I use to set the environment variable for my own MAKECAB/EXPAND replacement addon)
Example: addpath pre "%ProgramFiles%\Utilities"

Pro: Clean replacement that doesn't create digital signature warnings or upset WFP.
Con: Does not work if the path to an app is explicitly specified (e.g., if someone explicitly runs "%SystemRoot%\system32\makecab.exe" instead of just "makecab.exe" or if the app is run from the directory of the old app (e.g., if you run makecab.exe from %SystemRoot%\system32). As a result of these limitations, this method makes sense mostly for command-line apps.


Recommendations
Personally, I never use method #1 (direct replacement). I always use method #3 (path precedence) for command-line apps (e.g., MAKECAB and EXPAND) or method #2 (image hijack) for all other apps (e.g., Notepad2). I avoid method #1 because I'm a perfectionist who likes to have zero WFP errors on my systems. Wink
_________________
My addons: CmdOpen - HashCheck - Notepad2 - MS Runtimes - DirectX

Into the breach, meatbags!


Last edited by code65536 on Mon Oct 13, 2008 3:05 pm
Back to top
View user's profile Send private message Visit poster's website
Justas



Joined: 29 Aug 2007
Posts: 9

PostPosted: Fri Sep 07, 2007 4:07 pm    Post subject: Reply with quote

Hmmm nice info! Very Happy Good to know some of these things lol.
Back to top
View user's profile Send private message
5eraph
Moderator


Joined: 05 Jul 2005
Posts: 3924
Location: Riverview, MI USA

PostPosted: Fri Sep 07, 2007 4:34 pm    Post subject: Reply with quote

I've taken the liberty of adding this tutorial to Siginet's list. It can be now be found here:
Back to top
View user's profile Send private message
RogueSpear



Joined: 23 Nov 2004
Posts: 1155
Location: Buffalo, NY

PostPosted: Fri Sep 07, 2007 8:56 pm    Post subject: Reply with quote

You never fail to impress. While we differ in philosophy - I prefer your method 1 "unclean" decription - the information is very well laid out and as usual, it contains a bunch of little things I never realized or had considered.
Back to top
View user's profile Send private message
benjamminzIS



Joined: 12 Jan 2007
Posts: 227

PostPosted: Sat Sep 08, 2007 10:39 pm    Post subject: Reply with quote

awesome, thank you much!
_________________
_coming soon, don't hold your breath
Back to top
View user's profile Send private message AIM Address
ENU_user



Joined: 25 Jan 2006
Posts: 1253

PostPosted: Sat Jul 26, 2008 4:07 pm    Post subject: Reply with quote

thanks
_________________
Resource Packer WPI Bee Addons_Undo
Back to top
View user's profile Send private message
crashfly



Joined: 13 Mar 2008
Posts: 788
Location: Arkansas, USA

PostPosted: Fri Oct 03, 2008 11:52 am    Post subject: Reply with quote

This is good information. I hope I have helped people see this tutorial and learn from it.
_________________
A mind is like a parachute, it only functions when it is open.
--Anonymous

How to Ask Questions the Smart Way
Back to top
View user's profile Send private message
Passion



Joined: 11 Jan 2009
Posts: 105
Location: Meow Bay

PostPosted: Mon Jan 19, 2009 9:25 am    Post subject: Re: [Guide] How to (cleanly) replace a Windows application Reply with quote

code65536 wrote:
Personally, I never use method #1 (direct replacement). I always use method #3 (path precedence) for command-line apps (e.g., MAKECAB and EXPAND) or method #2 (image hijack) for all other apps (e.g., Notepad2). I avoid method #1 because I'm a perfectionist who likes to have zero WFP errors on my systems. Wink
Why even bother leaving WFP on then? If you're truely a perfectionist, you wouldn't even have to use it..
_________________
| http://totalcmd.net/ | http://appdb.winehq.org/ | http://thezeitgeistmovement.com/ | http://doorbraak.eu/ |
Back to top
View user's profile Send private message
code65536



Joined: 14 Mar 2007
Posts: 735
Location: .us

PostPosted: Mon Jan 19, 2009 10:06 am    Post subject: Re: [Guide] How to (cleanly) replace a Windows application Reply with quote

Passion wrote:
Why even bother leaving WFP on then? If you're truely a perfectionist, you wouldn't even have to use it..

Naively hacking away a system service like that is not my idea of perfection. Rolling Eyes
_________________
My addons: CmdOpen - HashCheck - Notepad2 - MS Runtimes - DirectX

Into the breach, meatbags!
Back to top
View user's profile Send private message Visit poster's website
crashfly



Joined: 13 Mar 2008
Posts: 788
Location: Arkansas, USA

PostPosted: Mon Jan 19, 2009 11:11 am    Post subject: Re: [Guide] How to (cleanly) replace a Windows application Reply with quote

Passion wrote:
Why even bother leaving WFP on then? If you're truely a perfectionist, you wouldn't even have to use it..

And see, that would not necessarily be true. Code65536 himself might be a perfectionist, however a good majority of programs written for the Windows OS are not. WFP in addition to preventing normal human mistakes also helps to prevent programs that try to replace Windows programs (aka some virus, trojans, utilities that think they can do better). While it does not prevent the "well written" bad programs, it can stop the most casual program replacement.
_________________
A mind is like a parachute, it only functions when it is open.
--Anonymous

How to Ask Questions the Smart Way
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    RyanVM.net Discussion Board Forum Index -> Update Pack Addons All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group